Timo Sirainen [Mon, 25 Feb 2019 18:55:03 +0000 (20:55 +0200)]
fs-posix: fs_read_stream() - Don't close file's fd
This is especially important with newly created files, because they may
still be accessed after reading. The next file access attempt after
fs_read_stream() might cause the file to be recreated and crash.
Timo Sirainen [Tue, 19 Feb 2019 08:17:45 +0000 (10:17 +0200)]
lib: istream-seekable - Change stream to be blocking=TRUE after reaching EOF
After EOF is reached, the stream is now fully read into file or memory.
read()s can no longer return 0, so blocking=TRUE can be used.
Some callers were reusing the seekable stream in places that required
blocking=TRUE.
Fixes at least with imapsieve vnd.dovecot report extension:
Panic: file ostream.c: line 427 (o_stream_nsend_istream): assertion failed: (instream->blocking)
Stephan Bosch [Thu, 27 Dec 2018 13:13:15 +0000 (14:13 +0100)]
lib-smtp: client: Move connection to TRANSACTION state immediately when a transaction is started.
Before, it waited until the actual start handler was called from timeout, but
that causes a race condition with mtp_client_connection_abort_transaction(),
which in turn causes an assert panic.
Phil Carmody [Tue, 19 Jun 2018 12:30:36 +0000 (15:30 +0300)]
m4/dovecot.m4: rename valgrind output file to hide it from certain tests
Some lib-http tests use readdir() to create test cases, and sometimes
object to the contents of test.out.$$. However, as lib-http is also
sensitive to certain characters in the filenames of the files it uses,
we can hide the valgrind output by choosing its filename to exclude it
from the lib_http tests. Non-initial '~' is not known to cause any issues
for either the shell or any known operating system, so is the safest of
lib-http's 'dodgy' characters to use as the separator.
Phil Carmody [Tue, 19 Jun 2018 10:29:46 +0000 (13:29 +0300)]
lib-http: increase pool sizes in tests
Pool growth messages spam the test output, just dive in with a slightly
larger default to shut them up. Only affects these individual tests,
not any other users of the library.
Phil Carmody [Thu, 14 Jun 2018 05:51:37 +0000 (08:51 +0300)]
lib-http: harden payload tests against dodgy filenames
Tests use files from readdir() as input, but do no sanitisation of the
names, and therefore things like editor temp files can cause havoc
with the HTTP request parser.
The solution is to trap dodgy characters in the filenames, and ignore
those files. Initially, trap HTTP's "unsafe" and "reserved" characters.
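As an added illustration of the kind of filter this commit describes (example code written here, not Dovecot's own test code): a predicate that rejects filenames containing RFC 1738 "unsafe" or "reserved" characters, or control bytes, so that editor backup files and the like never reach the request parser. The function name and the exact character sets are assumptions for this example.

```c
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* RFC 1738 "unsafe" characters (space, control chars and the listed
   punctuation) and "reserved" characters. Hypothetical constants chosen
   for this example; adjust to whatever the parser under test tolerates. */
static const char http_unsafe_chars[]   = " <>\"#%{}|\\^~[]`";
static const char http_reserved_chars[] = ";/?:@=&";

/* Return true only if every byte of name is a printable non-dodgy
   character. A rejected name should simply be skipped by the test
   driver, not fed to the HTTP parser. */
bool filename_is_safe(const char *name)
{
	if (name == NULL || *name == '\0')
		return false;
	for (const unsigned char *p = (const unsigned char *)name; *p != '\0'; p++) {
		if (*p < 0x20 || *p >= 0x7f)            /* control or non-ASCII */
			return false;
		if (strchr(http_unsafe_chars, *p) != NULL)
			return false;
		if (strchr(http_reserved_chars, *p) != NULL)
			return false;
	}
	return true;
}

int main(void)
{
	/* Constructed sample directory listing, including an Emacs-style
	   autosave file and a valgrind output file named with a '~'. */
	const char *names[] = { "request-basic.txt", "#request-basic.txt#",
	                        "test.out~12345", "request bad.txt" };
	for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++)
		printf("%-24s %s\n", names[i],
		       filename_is_safe(names[i]) ? "use" : "skip");
	return 0;
}
```

Note that '~' is in the unsafe set, which is exactly why a later commit on this page can hide the valgrind output file from these tests by putting a non-initial '~' in its name.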
Timo Sirainen [Sat, 15 Dec 2018 14:24:42 +0000 (16:24 +0200)]
lib-mail: ostream-dot - Fix potential assert-crash when parent stream buffer gets full
If max_bytes=1, the (max_bytes-2) calculation brings it to (size_t)-1. This
causes too much data to be sent to the parent stream, which then returns a
partial write and causes an assert-crash.
The final chunk calculation doesn't need the -2 check, because additional
bytes aren't inserted at that point.
Fixes:
Panic: file ostream-dot.c: line 208 (o_stream_dot_sendv): assertion failed: ((size_t)ret == sent + added)
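The underflow this commit fixes, reduced to a stand-alone example (written here to illustrate the bug class; this is not Dovecot's ostream-dot code, and the helper names and the reserve constant are assumptions): subtracting a fixed reserve from an unsigned limit wraps to (size_t)-1 when the limit is smaller than the reserve, so the caller believes it may send almost unlimited data. The guarded version saturates at zero and, as the commit notes, skips the reserve for the final chunk.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Bytes a dot-stuffing writer may need to insert in front of a line
   (a leading "." plus line-ending bytes). Constructed for this example. */
#define DOT_STUFF_RESERVE 2

/* Before-style calculation: no range check, so max_bytes == 1 yields
   (size_t)-1, i.e. SIZE_MAX, and far too much data is handed to the
   parent stream, which then does a partial write. */
size_t chunk_limit_unchecked(size_t max_bytes)
{
	return max_bytes - DOT_STUFF_RESERVE;
}

/* Guarded calculation. A result of 0 means "nothing fits right now,
   wait for the parent buffer to drain". The final chunk inserts no
   extra bytes, so it may use the whole remaining space. */
size_t chunk_limit_checked(size_t max_bytes, bool final_chunk)
{
	if (final_chunk)
		return max_bytes;
	if (max_bytes <= DOT_STUFF_RESERVE)
		return 0;
	return max_bytes - DOT_STUFF_RESERVE;
}

/* How many payload bytes would be passed on for a given input length,
   using the guarded limit. */
size_t bytes_to_send(size_t max_bytes, size_t input_len, bool final_chunk)
{
	size_t limit = chunk_limit_checked(max_bytes, final_chunk);
	return input_len < limit ? input_len : limit;
}

int main(void)
{
	printf("unchecked limit for max_bytes=1: %zu\n", chunk_limit_unchecked(1));
	printf("checked   limit for max_bytes=1: %zu\n", chunk_limit_checked(1, false));
	printf("bytes to send, max=10 input=100 non-final: %zu\n",
	       bytes_to_send(10, 100, false));
	return 0;
}
```

The general lesson for any size_t arithmetic feeding a write length: compare before subtracting, and make the "no room" case an explicit zero rather than a wrapped value.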
Phil Carmody [Tue, 30 Jan 2018 12:14:42 +0000 (14:14 +0200)]
lib/randgen - warn when DOVECOT_SRAND is not able to be used
As suggested by Jeff, it's friendly to warn if we're unable to act
upon the request for reproducible random numbers because we're not
built for that.
Note, this deliberately permits a blank string, so that you can
silence the warning by prefixing a command with an empty
DOVECOT_SRAND=
which is taken as an explicit attempt to disable use of the feature.
Phil Carmody [Mon, 11 Dec 2017 12:03:13 +0000 (14:03 +0200)]
lib/lib-test: restore DOVECOT_SRAND feature in DEBUG builds
Add a deterministic PRNG, an ability to force its use, and an
ability to re-use the same sequence later.
Since proper random numbers have been forced into use, making
reproducible tests isn't quite as easy as it used to be: it's 3 steps
rather than 2. When seeing an intermittent test failure:
- rerun the tests with environment variable DOVECOT_SRAND=kiss
- upon seeing a new failure case, note the seed logged at the failure
- debug using DOVECOT_SRAND=<that number>
In non-DEBUG builds, there's no trace of this code, and the
randomisation that is an inherent part of many tests remains
non-reproducible.
Works with all of the RNG preferences, getrandom/urandom/arc4.
Stephan Bosch [Mon, 3 Dec 2018 17:45:43 +0000 (18:45 +0100)]
lib-smtp: client: Make sending the XCLIENT command(s) always implicit and do it only once.
For most servers, XCLIENT changes the ip:port identity of the client, causing it
to lose privileges to send more XCLIENT commands. For long XCLIENT commands
split in a series of XCLIENT commands, the ip:port parameters were sent last
already, so that did not cause problems even before this change. However, the
old code assumed it could update XCLIENT fields later on, which is often not
possible.
Stephan Bosch [Mon, 3 Dec 2018 17:45:42 +0000 (18:45 +0100)]
lib-smtp: client: Allow deferring sending the XCLIENT command until authentication or first mail transaction.
This allows updating the proxy data until the XCLIENT command actually needs to
be sent. For submission, this means that later EHLO domain changes can still be
accounted for. This change makes the simplifications in subsequent changes
easier.
Timo Sirainen [Wed, 31 Oct 2018 15:19:42 +0000 (17:19 +0200)]
lib-fs: If fs_get_metadata() isn't implemented, return internal metadata anyway
The metadata is sometimes used for transferring internal metadata within the
files. This metadata isn't stored to disk. So even if the fs driver doesn't
support metadata at all, it should still be possible to get/set the internal
metadata. Setting it was already possible, but getting wasn't.
Stephan Bosch [Thu, 1 Nov 2018 00:14:50 +0000 (01:14 +0100)]
lib-smtp: server: recipient: Hold a reference to the recipient while calling a non-destroy hook.
Prevents memory problems when the hook inadvertently gets the recipient
destroyed. Unlike the server command, this is not strictly necessary for the
recipient object, but we add this anyway to prevent future problems when the
recipient implementation becomes more complex (e.g. with additional hooks).
Stephan Bosch [Fri, 26 Oct 2018 19:00:00 +0000 (21:00 +0200)]
submission: Add support for modifying the transaction path and parameters in the trans_start backend vfunc.
To keep the changes limited to a particular backend, the server transaction
cannot be modified. Also, creating a mock server transaction and passing it on
is not a good idea, since it is not a simple container struct.
Stephan Bosch [Thu, 18 Oct 2018 21:35:05 +0000 (23:35 +0200)]
submission: Add backend vfunc called when the backend is ready.
For a relay backend, this means that the connection is fully connected and
handshaked. For any backend it means the capabilities are known (and passed as a
parameter to the ready function).
Stephan Bosch [Fri, 19 Oct 2018 15:12:10 +0000 (17:12 +0200)]
submission: relay backend: VRFY command: Avoid forwarding 500 and 502 replies back to client.
These are in fact non-standard for VRFY and indicate that VRFY support is
disabled, which is not allowed by the specification. Instead, we now substitute
the default 252 response.
Stephan Bosch [Thu, 18 Oct 2018 22:35:53 +0000 (00:35 +0200)]
submission: relay backend: Fix non-transaction commands to work when submission_backend_capabilities is configured.
When submission_backend_capabilities is configured, the backend is not started
until the first transaction is started. But for commands that should work
outside the transaction, the backend should also be started, which was not the
case before this fix.